From 0f03c00501f91e7f806f8cbdf65485ed6afcfd77e00cbcbd23bcc96256e6397b Mon Sep 17 00:00:00 2001 From: Michal Srb Date: Mon, 25 Sep 2017 15:11:16 +0000 Subject: [PATCH 1/5] Accepting request 528672 from home:michalsrb:branches:fate323880 - Add tigervnc-x11vnc wrapper for x0vncserver that replaces x11vnc. (fate#323207) - Replace java applet with novnc as web-based VNC viewer. (fate#323880) - Convert xinetd services to systemd socket activated services. (bnc#1058460) OBS-URL: https://build.opensuse.org/request/show/528672 OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=120 --- tigervnc.changes | 12 +++ tigervnc.spec | 153 ++++++++++++++++++++++++++++------- vnc.xinetd | 90 --------------------- vnc_inetd_httpd | 114 -------------------------- x11vnc | 194 +++++++++++++++++++++++++++++++++++++++++++++ xvnc-novnc.service | 10 +++ xvnc-novnc.socket | 9 +++ xvnc.socket | 9 +++ xvnc@.service | 9 +++ 9 files changed, 368 insertions(+), 232 deletions(-) delete mode 100644 vnc.xinetd delete mode 100644 vnc_inetd_httpd create mode 100644 x11vnc create mode 100644 xvnc-novnc.service create mode 100644 xvnc-novnc.socket create mode 100644 xvnc.socket create mode 100644 xvnc@.service diff --git a/tigervnc.changes b/tigervnc.changes index 95380d2..8df3e84 100644 --- a/tigervnc.changes +++ b/tigervnc.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Mon Sep 25 08:36:07 UTC 2017 - msrb@suse.com + +- Add tigervnc-x11vnc wrapper for x0vncserver that replaces x11vnc. + (fate#323207) + +- Replace java applet with novnc as web-based VNC viewer. + (fate#323880) + +- Convert xinetd services to systemd socket activated services. + (bnc#1058460) + ------------------------------------------------------------------- Mon Sep 11 14:12:30 UTC 2017 - fstrba@suse.com diff --git a/tigervnc.spec b/tigervnc.spec index 558a6e5..1fad7d5 100644 --- a/tigervnc.spec +++ b/tigervnc.spec 
@@ -22,6 +22,8 @@ %define tlskey %{_sysconfdir}/vnc/tls.key %define tlscert %{_sysconfdir}/vnc/tls.cert +%define _unitdir %{_prefix}/lib/systemd/system + Name: tigervnc Version: 1.8.0 Release: 0 @@ -53,6 +55,7 @@ BuildRequires: libgpg-error-devel BuildRequires: mozilla-nss BuildRequires: pam-devel BuildRequires: pkg-config +BuildRequires: systemd-rpm-macros BuildRequires: xmlto BuildRequires: xorg-x11-libICE-devel BuildRequires: xorg-x11-libSM-devel @@ -101,16 +104,20 @@ Summary: A high-performance, platform-neutral implementation of VNC License: GPL-2.0 and MIT Group: System/X11/Servers/XF86_4 Source1: https://github.com/TigerVNC/tigervnc/archive/v%{version}.tar.gz -Source3: vnc.xinetd Source4: 10-libvnc.conf Source5: vnc-server.firewall Source6: vnc-httpd.firewall -Source7: vnc_inetd_httpd -Source8: vnc.reg -Source9: vncpasswd.arg -Source10: vnc.pam -Source11: with-vnc-key.sh -Source12: index.vnc +Source7: vnc.reg +Source8: vncpasswd.arg +Source9: vnc.pam +Source10: with-vnc-key.sh +Source11: index.vnc +Source12: x11vnc +Source13: xvnc@.service +Source14: xvnc.socket +Source15: xvnc-novnc.service +Source16: xvnc-novnc.socket + Patch1: tigervnc-newfbsize.patch Patch2: tigervnc-clean-pressed-key-on-exit.patch Patch3: u_tigervnc-ignore-epipe-on-write.patch @@ -135,18 +142,15 @@ Requires(post): /usr/sbin/useradd Requires(post): /usr/sbin/groupadd # Needed to generate certificates Requires: openssl -# Needed to serve java applet -Requires: python -Requires: python-pyOpenSSL Requires: windowmanager Requires: xauth -Requires: xinetd Requires: xinit Requires: xkbcomp Requires: xkeyboard-config Requires: xorg-x11-fonts-core # For the with-vnc-key.sh script Requires: /bin/hostname +%{?systemd_requires} Provides: xorg-x11-Xvnc:/usr/lib/vnc/with-vnc-key.sh Summary: TigerVNC implementation of Xvnc Group: System/X11/Servers/XF86_4 
@@ -154,6 +158,34 @@ Group: System/X11/Servers/XF86_4 %description -n xorg-x11-Xvnc This is the TigerVNC implementation of Xvnc. +%package -n xorg-x11-Xvnc-novnc +Requires: novnc +Requires: python-websockify +Requires: xorg-x11-Xvnc +%{?systemd_requires} +Summary: NoVNC service for Xvnc +Group: System/X11/Servers/XF86_4 +BuildArch: noarch + +%description -n xorg-x11-Xvnc-novnc +A service that starts noVNC linked to Xvnc server. + +%package -n xorg-x11-Xvnc-java +# Needed to serve java applet +# Requires: python +# Requires: python-pyOpenSSL + +# TODO: Requires? +BuildArch: noarch + +%{?systemd_requires} +Summary: VNC viewer in java +Group: System/X11/Servers/XF86_4 + +%description -n xorg-x11-Xvnc-java +A VNC client written in java that can be used as standalone application or as +an applet inside web page. + %package -n libXvnc1 Summary: X extension to control VNC module Group: System/Libraries @@ -169,6 +201,19 @@ Requires: libXvnc1 = %version %description -n libXvnc-devel Xvnc extension allows X clients to read and change VNC configuration. +%package x11vnc +Summary: Wrapper that starts x0vncserver +Group: System/X11/Servers/XF86_4 +Requires: python +Requires: xorg-x11-Xvnc +Provides: x11vnc +Conflicts: x11vnc +BuildArch: noarch + +%description x11vnc +This is a wrapper that looks like x11vnc, but starts x0vncserver instead. +It maps common x11vnc arguments to x0vncserver arguments. + %prep %setup -T -b1 -q cp -r /usr/src/xserver/* unix/xserver/ 
@@ -242,36 +287,40 @@ mkdir -p $RPM_BUILD_ROOT%{_datadir}/vnc/classes install -m755 VncViewer.jar $RPM_BUILD_ROOT%{_datadir}/vnc/classes popd -install -D -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/xinetd.d/vnc %ifnarch s390x install -D -m 644 %{SOURCE4} $RPM_BUILD_ROOT/etc/X11/xorg.conf.d/10-libvnc.conf %endif install -D -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/vnc-server install -D -m 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/services/vnc-httpd -install -D -m 755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/vnc_inetd_httpd -install -D -m 644 %{SOURCE8} $RPM_BUILD_ROOT/etc/slp.reg.d/vnc.reg -install -D -m 755 %{SOURCE9} $RPM_BUILD_ROOT%{_bindir}/vncpasswd.arg -install -D -m 644 %{SOURCE10} $RPM_BUILD_ROOT/etc/pam.d/vnc -install -D -m 644 %{SOURCE12} $RPM_BUILD_ROOT%{_datadir}/vnc/classes +install -D -m 644 %{SOURCE7} $RPM_BUILD_ROOT/etc/slp.reg.d/vnc.reg +install -D -m 755 %{SOURCE8} $RPM_BUILD_ROOT%{_bindir}/vncpasswd.arg +install -D -m 644 %{SOURCE9} $RPM_BUILD_ROOT/etc/pam.d/vnc +install -D -m 644 %{SOURCE11} $RPM_BUILD_ROOT%{_datadir}/vnc/classes %if 0%{?suse_version} >= 1315 ln -s -f %{_sysconfdir}/alternatives/vncviewer $RPM_BUILD_ROOT%{_bindir}/vncviewer ln -s -f %{_sysconfdir}/alternatives/vncviewer.1.gz $RPM_BUILD_ROOT%{_mandir}/man1/vncviewer.1.gz %endif +mkdir -p %{buildroot}%{_sbindir} +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcxvnc +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcxvnc-novnc + mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/vnc mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/vnc -install -D -m 755 %{SOURCE11} $RPM_BUILD_ROOT%{_libexecdir}/vnc +install -D -m 755 %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/vnc + +install -D -m 755 %{SOURCE12} $RPM_BUILD_ROOT%{_bindir}/x11vnc + +install -D %{SOURCE13} -m 0444 %{buildroot}%{_unitdir}/xvnc@.service +install -D %{SOURCE14} -m 0444 %{buildroot}%{_unitdir}/xvnc.socket +install -D %{SOURCE15} -m 0444 %{buildroot}%{_unitdir}/xvnc-novnc.service +install -D 
%{SOURCE16} -m 0444 %{buildroot}%{_unitdir}/xvnc-novnc.socket rm -rf $RPM_BUILD_ROOT/usr/share/doc/tigervnc-* %find_lang '%{name}' -%pre -n xorg-x11-Xvnc -getent group %{vncgroup} > /dev/null || groupadd -r %{vncgroup} || : -getent passwd %{vncuser} > /dev/null || useradd -r -g %{vncgroup} -d /var/lib/empty -s /sbin/nologin -c "user for VNC" %{vncuser} || : -usermod -G shadow -a %{vncuser} || : - %post %if 0%{?suse_version} >= 1315 %_sbindir/update-alternatives \ @@ -286,6 +335,42 @@ if [ "$1" = 0 ] ; then fi %endif +%pre -n xorg-x11-Xvnc +# %service_add_pre xvnc@.service +%service_add_pre xvnc.socket + +getent group %{vncgroup} > /dev/null || groupadd -r %{vncgroup} || : +getent passwd %{vncuser} > /dev/null || useradd -r -g %{vncgroup} -d /var/lib/empty -s /sbin/nologin -c "user for VNC" %{vncuser} || : +usermod -G shadow -a %{vncuser} || : + +%post -n xorg-x11-Xvnc +# %service_add_post xvnc@.service +%service_add_post xvnc.socket + +%preun -n xorg-x11-Xvnc +# %service_del_preun xvnc@.service +%service_del_preun xvnc.socket + +%postun -n xorg-x11-Xvnc +# %service_del_postun xvnc@.service +%service_del_postun xvnc.socket + +%pre -n xorg-x11-Xvnc-novnc +%service_add_pre xvnc-novnc.service +%service_add_pre xvnc-novnc.socket + +%post -n xorg-x11-Xvnc-novnc +%service_add_post xvnc-novnc.service +%service_add_post xvnc-novnc.socket + +%preun -n xorg-x11-Xvnc-novnc +%service_del_preun xvnc-novnc.service +%service_del_preun xvnc-novnc.socket + +%postun -n xorg-x11-Xvnc-novnc +%service_del_postun xvnc-novnc.service +%service_del_postun xvnc-novnc.socket + %post -n libXvnc1 -p /sbin/ldconfig %postun -n libXvnc1 -p /sbin/ldconfig @@ -330,7 +415,6 @@ fi %{_bindir}/vncpasswd.arg %{_bindir}/vncserver %{_bindir}/x0vncserver -%{_bindir}/vnc_inetd_httpd %exclude %{_mandir}/man1/Xserver.1* %{_mandir}/man1/Xvnc.1* 
@@ -339,6 +423,10 @@ fi %{_mandir}/man1/vncserver.1* %{_mandir}/man1/x0vncserver.1* +%{_unitdir}/xvnc@.service +%{_unitdir}/xvnc.socket +%{_sbindir}/rcxvnc + %exclude /usr/%{_lib}/xorg/protocol.txt %exclude /usr/%{_lib}/xorg/modules/extensions/libvnc.la %ifnarch s390 s390x @@ -359,7 +447,6 @@ fi %else %exclude /etc/X11/xorg.conf.d %endif -%config(noreplace) /etc/xinetd.d/vnc %dir /etc/slp.reg.d %config(noreplace) /etc/slp.reg.d/vnc.reg @@ -369,15 +456,21 @@ fi %exclude /usr/lib/debug/.* %exclude /usr/src/debug -%doc java/com/tigervnc/vncviewer/README -%{_datadir}/vnc - %dir %attr(0755,%{vncuser},%{vncuser}) %{_sysconfdir}/vnc %ghost %attr(0600,%{vncuser},%{vncuser}) %config(noreplace) %{tlskey} %ghost %attr(0644,%{vncuser},%{vncuser}) %config(noreplace) %{tlscert} %{_libexecdir}/vnc +%files -n xorg-x11-Xvnc-novnc +%{_unitdir}/xvnc-novnc.service +%{_unitdir}/xvnc-novnc.socket +%{_sbindir}/rcxvnc-novnc + +%files -n xorg-x11-Xvnc-java +%doc java/com/tigervnc/vncviewer/README +%{_datadir}/vnc + %files -n libXvnc1 %defattr(-,root,root) %{_libdir}/libXvnc.so.1* @@ -387,4 +480,8 @@ fi %{_libdir}/libXvnc.so %{_includedir}/X11/extensions/Xvnc.h +%files x11vnc +%defattr(-,root,root) +%{_bindir}/x11vnc + %changelog diff --git a/vnc.xinetd b/vnc.xinetd deleted file mode 100644 index 1ab18c5..0000000 --- a/vnc.xinetd +++ /dev/null 
@@ -1,90 +0,0 @@ -# default: off -# description: This serves out a VNC connection which starts at a KDM login \ -# prompt. This VNC connection has a resolution of 1024x768, 16bit depth. -service vnc1 -{ - type = UNLISTED - port = 5901 - socket_type = stream - protocol = tcp - wait = no - user = vnc - server = /usr/lib/vnc/with-vnc-key.sh - server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM - disable = yes -} -# default: off -# description: This serves out a VNC connection which starts at a KDM login \ -# prompt. This VNC connection has a resolution of 1280x1024, 16bit depth. -service vnc2 -{ - type = UNLISTED - port = 5902 - socket_type = stream - protocol = tcp - wait = no - user = vnc - server = /usr/lib/vnc/with-vnc-key.sh - server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1280x1024 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM - disable = yes -} -# default: off -# description: This serves out a VNC connection which starts at a KDM login \ -# prompt. This VNC connection has a resolution of 1600x1200, 16bit depth. -service vnc3 -{ - type = UNLISTED - port = 5903 - socket_type = stream - protocol = tcp - wait = no - user = vnc - server = /usr/lib/vnc/with-vnc-key.sh - server_args = /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1600x1200 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM - disable = yes -} -# default: off -# description: This serves out the vncviewer Java applet for the VNC \ -# server running on port 5901, (vnc port 1). 
-service vnchttpd1 -{ - type = UNLISTED - port = 5801 - socket_type = stream - protocol = tcp - wait = no - user = vnc - server = /usr/lib/vnc/with-vnc-key.sh - server_args = /usr/bin/vnc_inetd_httpd 1024 768 5901 - disable = yes -} -# default: off -# description: This serves out the vncviewer Java applet for the VNC \ -# server running on port 5902, (vnc port 2). -service vnchttpd2 -{ - type = UNLISTED - port = 5802 - socket_type = stream - protocol = tcp - wait = no - user = vnc - server = /usr/lib/vnc/with-vnc-key.sh - server_args = /usr/bin/vnc_inetd_httpd 1280 1024 5902 - disable = yes -} -# default: off -# description: This serves out the vncviewer Java applet for the VNC \ -# server running on port 5902, (vnc port 3). -service vnchttpd3 -{ - type = UNLISTED - port = 5803 - socket_type = stream - protocol = tcp - wait = no - user = vnc - server = /usr/lib/vnc/with-vnc-key.sh - server_args = /usr/bin/vnc_inetd_httpd 1600 1200 5903 - disable = yes -} diff --git a/vnc_inetd_httpd b/vnc_inetd_httpd deleted file mode 100644 index 13d8777..0000000 --- a/vnc_inetd_httpd +++ /dev/null 
@@ -1,114 +0,0 @@ -#!/usr/bin/env python - -# This is simple stupid WWW server intended to serve VNC java applet. -# It is made to be called by xinetd. -# It handles both HTTP and HTTPS on the same port. If HTTPS is allowed, any HTTP requests is responded with redirect to HTTPS. - -import re -import sys -import socket -import time - -from OpenSSL import SSL, crypto - -TLS_KEY = "/etc/vnc/tls.key" -TLS_CERT = "/etc/vnc/tls.cert" -JAR_FILE = "/usr/share/vnc/classes/VncViewer.jar" -TIMEOUT = 10 - -WIDTH = int(sys.argv[1]) -HEIGHT = int(sys.argv[2]) -VNC_PORT = int(sys.argv[3]) -USE_HTTPS = not (len(sys.argv) >= 5 and sys.argv[4] == "NoHTTPS") - - -# Take the stdin as our input socket (given from xinetd) -conn = sock = socket.fromfd(sys.stdin.fileno(), socket.AF_INET, socket.SOCK_STREAM) - -# If we are supposed to use HTTPS, load certificate and replace conn with SSL connection. -if USE_HTTPS: - cert = crypto.load_certificate(crypto.FILETYPE_PEM, open(TLS_CERT, 'r').read()) - - context = SSL.Context(SSL.SSLv23_METHOD) - context.use_privatekey_file(TLS_KEY) - context.use_certificate(cert) - - conn = SSL.Connection(context, sock) - conn.set_accept_state() - -# Send normal response -def send_response(connection, ctype, response): - connection.sendall( - "HTTP/1.0 200 OK\n" + - "Content-Type: " + ctype + "\n" + - "Content-Length: " + str(len(response)) + "\n" + - "Connection: close\n" + - "\n" + - response - ) - -# Send redirect -def send_redirect(connection, ctype, response, location): - connection.sendall( - "HTTP/1.0 301 Moved Permanently\n" + - "Location: " + location + "\n" + - "Content-Type: " + ctype + "\n" + - "Content-Length: " + str(len(response)) + "\n" + - "Connection: close\n" + - "\n" + - response - ) - - -# Try to read and parse HTTP request -try: - start_time = time.time() - buffer = '' - while True: - buffer += conn.recv(1024) - - if buffer.endswith("\r\n\r\n") or start_time + TIMEOUT < time.time(): - break - - method, url = buffer.split(" ", 2)[0:2] - - 
if url == '/VncViewer.jar': - with open(JAR_FILE, 'r') as file: - send_response(conn, "application/octet-stream", file.read()) - else: - response = \ - """ - - Remote Desktop - - - - - - """%(WIDTH, HEIGHT, VNC_PORT, 'X509None' if USE_HTTPS else 'TLSNone', cert.digest('SHA1') if USE_HTTPS else '') - - send_response(conn, "text/html", response) - -except SSL.Error: - # If SSL failed, it is most probably because the browser is actually trying to do normal HTTP request. - - # We have now a partially consumed HTTP request in sock, let's try if we can get Host header out of it - partial_request = sock.recv(8000) # Arbitrary big number, if the request is longer than this, we will just skip the rest. - - host = None - match = re.search(r"\r\nHost: ([^\r]+)\r\n", partial_request) - if match: - host = match.group(1) - - if host: - # If we got host header, we can redirect nicely with HTTP 301. - send_redirect(sock, "text.html", "Use https.", "https://" + host) - else: - # If we don't know the host header, redirect using javascript. - send_response(sock, "text.html", "Use https.") diff --git a/x11vnc b/x11vnc new file mode 100644 index 0000000..b916149 --- /dev/null +++ b/x11vnc 
@@ -0,0 +1,194 @@ +#!/usr/bin/env python + +# This is wrapper for x0vncserver that translate most common x11vnc arguments +# to x0vncserver's arguments + +import argparse +import socket +import os +import sys + +def is_port_free(port): + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.bind(('', port)) + sock.close() + return True + except socket.error as e: + return False + +def find_free_port(starting_port): + for port in range(starting_port, 6000): + if is_port_free(port): + return port + return None + +parser = argparse.ArgumentParser(add_help=False) + +parser.add_argument('-help', '-h', action='help') +parser.add_argument('--version', '-V', action='store_true') + +parser.add_argument('-storepasswd', nargs=2) + +parser.add_argument('-display') +parser.add_argument('-auth') +parser.add_argument('-N', action='store_true') +parser.add_argument('-rfbport', type=int) +parser.add_argument('-autoport', type=int, default=5900) +parser.add_argument('-6', dest='yes6', action='store_true') +parser.add_argument('-no6', action='store_true') + +#parser.add_argument('-once', action='store_true') # TODO: Add support to x0vncserver +parser.add_argument('-forever', '-many', action='store_true') +parser.add_argument('-viewonly', action='store_true') + +#parser.add_argument('-shared', action='store_true') # TODO? +parser.add_argument('-alwaysshared', action='store_true') +parser.add_argument('-nevershared', action='store_true') +parser.add_argument('-dontdisconnect', action='store_true') + +#parser.add_argument('-timeout', nargs=1, type=int) # TODO? + +parser.add_argument('-clip') +parser.add_argument('-deferupdate', type=int) +parser.add_argument('-noshm', action='store_true') + +#parser.add_argument('-allow', nargs=1) # TODO? +#parser.add_argument('-localhost') # TODO? 
+ +parser.add_argument('-rfbauth') +parser.add_argument('-nopw', action='store_true') +parser.add_argument('-unixpw') + +# Accepted, but ignored arguments +ignored_arguments = ['-v', '-verbose', '-q', '-quiet'] +parser.add_argument(*ignored_arguments, dest='ignored_argument', action='store_true') + + +print('Warning: x11vnc is deprecated in favor of x0vncserver.') +print(' This is a wrapper that maps the most common set of x11vnc') +print(' arguments to x0vncserver arguments.') +print() +print(' Use x0vncserver directly if you want encrypted connection.') +print() + +args = parser.parse_args() + + +# Warnings +if args.ignored_argument: + print('Warning: x11vnc wrapper accepts but ignores following arguments:') + print(', '.join(ignored_arguments)) + + +# vncpasswd +if args.storepasswd: + (password, passwdfile) = args.storepasswd + + os.execlp('vncpasswd.arg', 'vncpasswd.arg', passwdfile, password) + + +# x0vncserver +new_args = ['x0vncserver'] + +default_security_type = 'None' +security_type = default_security_type + +if args.version: + new_args.append('-version') + +if args.display: + new_args.append('-display') + new_args.append(args.display) + +if args.auth: + os.environ['XAUTHORITY'] = args.auth + +if args.N: + display = args.display or os.environ['DISPLAY'] + if not display: + print('No display set') + sys.exit(1) + port = int(display.split(':')[-1]) + 5900 + if is_port_free(port): + new_args.append('-rfbport') + new_args.append(str(port)) + else: + print('Port %d is already used'%port) + sys.exit(1) + +if args.rfbport: + new_args.append('-rfbport') + new_args.append(str(args.rfbport)) +else: + port = find_free_port(args.autoport) + new_args.append('-rfbport') + new_args.append(str(port)) + +if args.yes6: + new_args.append('-UseIPv6') +if args.no6: + new_args.append('-UseIPv6=0') + +if args.forever: + # This is default in x0vncserver + pass + +if args.viewonly: + new_args.append('-AcceptKeyEvents=0') + new_args.append('-AcceptPointerEvents=0') + 
new_args.append('-AcceptCutText=0') + new_args.append('-AcceptSetDesktopSize=0') + +if args.alwaysshared: + new_args.append('-AlwaysShared') +if args.nevershared: + new_args.append('-NeverShared') +if args.dontdisconnect: + new_args.append('-DisconnectClients=0') +else: + new_args.append('-DisconnectClients') + +if args.clip: + new_args.append('-Geometry') + new_args.append(args.clip) + +if args.deferupdate: + new_args.append('-DeferUpdate') + new_args.append(str(args.deferupdate)) + +if args.noshm: + new_args.append('-UseSHM=0') + +if args.rfbauth: + security_type = 'VncAuth' + new_args.append('-PasswordFile') + new_args.append(args.rfbauth) + +if args.unixpw: + security_type = 'Plain' + new_args.append('-PlainUsers') + new_args.append(args.unixpw) + +new_args.append('-SecurityTypes') +new_args.append(security_type) + +if not args.nopw: + # Note: This is the same warning as the original x11vnc gives + if security_type == default_security_type: + print(""" +#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@# +#@ @# +#@ ** WARNING ** WARNING ** WARNING ** WARNING ** @# +#@ @# +#@ YOU ARE RUNNING X11VNC WITHOUT A PASSWORD!! @# +#@ @# +#@ This means anyone with network access to this computer @# +#@ may be able to view and control your desktop. @# +#@ @# +#@ >>> If you did not mean to do this Press CTRL-C now!! <<< @# +#@ @# +#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@# +""") + +os.execvp('x0vncserver', new_args) diff --git a/xvnc-novnc.service b/xvnc-novnc.service new file mode 100644 index 0000000..14a3690 --- /dev/null +++ b/xvnc-novnc.service @@ -0,0 +1,10 @@ +[Unit] +Description=noVNC Web Server +Requires=xvnc.socket +After=xvnc.socket + +[Service] +ExecStart=/usr/lib/vnc/with-vnc-key.sh /usr/bin/websockify --key /etc/vnc/tls.key --cert /etc/vnc/tls.cert --web /usr/share/novnc --inetd localhost:5901 +User=vnc +StandardInput=socket +StandardError=syslog 
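Review bot: The `-unixpw` branch sets `security_type = 'Plain'`, so x0vncserver is started with `-SecurityTypes Plain` and the Unix account password crosses the network with no TLS layer; the session under `-rfbauth` (`VncAuth`) is likewise unencrypted, and with neither option the wrapper falls back to `None`. I would use the TLS variants where the viewers allow it, e.g. `security_type = 'TLSPlain'` and `security_type = 'TLSVnc'` (to be confirmed against the clients this package has to serve). Separately, in the `-N` branch `os.environ['DISPLAY']` raises KeyError when the variable is unset, so the `No display set` message is never reached; `display = args.display or os.environ.get('DISPLAY')` fixes that. The same branch appends `-rfbport`, and the following `if args.rfbport: ... else:` then appends a second `-rfbport` from `find_free_port`, whose result can also be `None`.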
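Review bot: The `ExecStart` line gives websockify `--key` and `--cert` but not `--ssl-only`, so port 5801 will, as far as I know websockify's defaults, also accept plain HTTP and unencrypted WebSocket clients; the removed `vnc_inetd_httpd` redirected such requests to HTTPS. Adding the flag keeps that behaviour: `... --web /usr/share/novnc --ssl-only --inetd localhost:5901`. The unit also runs as `User=vnc`, and the spec's `%pre -n xorg-x11-Xvnc` scriptlet adds `%{vncuser}` to the `shadow` group, so this web-facing process presumably inherits that group. A separate unprivileged account for websockify would avoid it, although that account would still need read access to `/etc/vnc/tls.key`.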
diff --git a/xvnc-novnc.socket b/xvnc-novnc.socket
new file mode 100644
index 0000000..87368d0
--- /dev/null
+++ b/xvnc-novnc.socket
@@ -0,0 +1,9 @@
+[Unit]
+Description=noVNC Web Server
+
+[Socket]
+ListenStream=5801
+Accept=False
+
+[Install]
+WantedBy=sockets.target
diff --git a/xvnc.socket b/xvnc.socket
new file mode 100644
index 0000000..1bbca04
--- /dev/null
+++ b/xvnc.socket
@@ -0,0 +1,9 @@
+[Unit]
+Description=Xvnc Server
+
+[Socket]
+ListenStream=5901
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
diff --git a/xvnc@.service b/xvnc@.service
new file mode 100644
index 0000000..6be8c73
--- /dev/null
+++ b/xvnc@.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Xvnc Server
+
+[Service]
+ExecStart=/usr/lib/vnc/with-vnc-key.sh /usr/bin/Xvnc -noreset -inetd -once -query localhost -geometry 1024x768 -securitytypes X509None,None -X509Key /etc/vnc/tls.key -X509Cert /etc/vnc/tls.cert -log *:syslog:30 -extension MIT-SHM
+User=vnc
+StandardInput=socket
+StandardOutput=socket
+StandardError=syslog
From 4242e738264c19ada933523f8a6b81b4bc799adb1869f021d12680319b09d9e6 Mon Sep 17 00:00:00 2001
From: Michal Srb
Date: Tue, 26 Sep 2017 11:56:28 +0000
Subject: [PATCH 2/5] - u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch * Fixes crash in x0vncserver after client disconnects. (bnc#1058587)
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=121
---
 tigervnc.changes | 7 ++
 tigervnc.spec | 2 +
 ...r-when-x0vncserver-client-disconnect.patch | 74 +++++++++++++++++++
 3 files changed, 83 insertions(+)
 create mode 100644 u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch
diff --git a/tigervnc.changes b/tigervnc.changes
index 8df3e84..c0e6c65 100644
--- a/tigervnc.changes
+++ b/tigervnc.changes
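Review bot: `-securitytypes X509None,None` in the `xvnc@.service` `ExecStart` lets any client negotiate `None`, and `xvnc.socket` uses `ListenStream=5901` with no address restriction, so a viewer that picks `None` gets an unencrypted session in which the display-manager login is typed. The value is carried over from the removed xinetd entries, but `xvnc-novnc.service` now connects to `localhost:5901` and presumably relies on `None`, which ties the two together. One way out is to keep `None` only on a loopback-bound socket used by websockify and offer `-securitytypes X509None` on the network-facing one. The old xinetd services shipped with `disable = yes`; whether `xvnc.socket` ends up enabled after `%service_add_post` depends on presets not shown here and is worth stating in the changelog.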
@@ -1,4 +1,11 @@ ------------------------------------------------------------------- +Tue Sep 26 11:53:23 UTC 2017 - msrb@suse.com + +- u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch + * Fixes crash in x0vncserver after client disconnects. + (bnc#1058587) + +------------------------------------------------------------------ Mon Sep 25 08:36:07 UTC 2017 - msrb@suse.com - Add tigervnc-x11vnc wrapper for x0vncserver that replaces x11vnc. diff --git a/tigervnc.spec b/tigervnc.spec index 1fad7d5..311b239 100644 --- a/tigervnc.spec +++ b/tigervnc.spec @@ -129,6 +129,7 @@ Patch8: u_tigervnc-show-unencrypted-warning.patch Patch9: U_allow_multiple_certs_with_same_dn_in_saved_certs_file.patch Patch10: U_handle_certificate_verification_for_saved_certs_correctly.patch Patch11: u_tigervnc-add-autoaccept-parameter.patch +Patch12: u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch %description TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing), @@ -229,6 +230,7 @@ cp -r /usr/src/xserver/* unix/xserver/ %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 pushd unix/xserver patch -p1 < ../xserver119.patch diff --git a/u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch b/u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch new file mode 100644 index 0000000..0ea3cfb --- /dev/null +++ b/u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch 
@@ -0,0 +1,74 @@ +From b1d7c2caf496e7236fe43c69fd380fedb830a979 Mon Sep 17 00:00:00 2001 +From: Michal Srb +Date: Tue, 26 Sep 2017 13:45:36 +0200 +Subject: [PATCH] Unset pixel buffer when x0vncserver client disconnects. + +In XDesktop::start() we allocate pixel buffer and set it as the backend to the given VNCServer. +In XDesktop::stop() we deallocate the buffer, so we must unset it from the VNCServer as well. +Otherwise the VNCServer could try to access it and crash, for example in deferred update. +--- + common/rfb/VNCServerST.cxx | 14 ++++---------- + unix/x0vncserver/x0vncserver.cxx | 6 +++++- + 2 files changed, 9 insertions(+), 11 deletions(-) + +diff --git a/common/rfb/VNCServerST.cxx b/common/rfb/VNCServerST.cxx +index 46c4be9b..99480133 100644 +--- a/common/rfb/VNCServerST.cxx ++++ b/common/rfb/VNCServerST.cxx +@@ -313,6 +313,8 @@ void VNCServerST::setPixelBuffer(PixelBuffer* pb_, const ScreenSet& layout) + screenLayout = layout; + + if (!pb) { ++ stopFrameClock(); ++ + if (desktopStarted) + throw Exception("setPixelBuffer: null PixelBuffer when desktopStarted?"); + return; +@@ -337,18 +339,10 @@ void VNCServerST::setPixelBuffer(PixelBuffer* pb_, const ScreenSet& layout) + + void VNCServerST::setPixelBuffer(PixelBuffer* pb_) + { +- ScreenSet layout; +- +- if (!pb_) { +- if (desktopStarted) +- throw Exception("setPixelBuffer: null PixelBuffer when desktopStarted?"); +- return; +- } +- +- layout = screenLayout; ++ ScreenSet layout = screenLayout; + + // Check that the screen layout is still valid +- if (!layout.validate(pb_->width(), pb_->height())) { ++ if (pb_ && !layout.validate(pb_->width(), pb_->height())) { + Rect fbRect; + ScreenSet::iterator iter, iter_next; + +diff --git a/unix/x0vncserver/x0vncserver.cxx b/unix/x0vncserver/x0vncserver.cxx +index 6fd6bc3b..ed5b1a10 100644 +--- a/unix/x0vncserver/x0vncserver.cxx ++++ b/unix/x0vncserver/x0vncserver.cxx +@@ -270,7 +270,8 @@ public: + TXWindow::setGlobalEventHandler(this); + } + virtual ~XDesktop() { +- 
stop(); ++ if (running) ++ stop(); + } + + inline void poll() { +@@ -327,6 +328,9 @@ public: + XDamageDestroy(dpy, damage); + #endif + ++ server->setPixelBuffer(0); ++ server = 0; ++ + delete pb; + pb = 0; + } +-- +2.12.3 + From f38e36d9bda1c52dcd9adb75cd31c859b26e5ec1d3e8fd8b92ed07bb61a8acf9 Mon Sep 17 00:00:00 2001 From: Michal Srb Date: Tue, 26 Sep 2017 12:02:29 +0000 Subject: [PATCH 3/5] Refresh u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch. OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=122 --- ...r-when-x0vncserver-client-disconnect.patch | 29 +++++++++---------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch b/u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch index 0ea3cfb..f158306 100644 --- a/u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch +++ b/u_Unset-pixel-buffer-when-x0vncserver-client-disconnect.patch @@ -11,11 +11,11 @@ Otherwise the VNCServer could try to access it and crash, for example in deferre unix/x0vncserver/x0vncserver.cxx | 6 +++++- 2 files changed, 9 insertions(+), 11 deletions(-) -diff --git a/common/rfb/VNCServerST.cxx b/common/rfb/VNCServerST.cxx -index 46c4be9b..99480133 100644 ---- a/common/rfb/VNCServerST.cxx -+++ b/common/rfb/VNCServerST.cxx -@@ -313,6 +313,8 @@ void VNCServerST::setPixelBuffer(PixelBuffer* pb_, const ScreenSet& layout) +Index: tigervnc-1.8.0/common/rfb/VNCServerST.cxx +=================================================================== +--- tigervnc-1.8.0.orig/common/rfb/VNCServerST.cxx ++++ tigervnc-1.8.0/common/rfb/VNCServerST.cxx +@@ -312,6 +312,8 @@ void VNCServerST::setPixelBuffer(PixelBu screenLayout = layout; if (!pb) { 
@@ -24,7 +24,7 @@ index 46c4be9b..99480133 100644 if (desktopStarted) throw Exception("setPixelBuffer: null PixelBuffer when desktopStarted?"); return; -@@ -337,18 +339,10 @@ void VNCServerST::setPixelBuffer(PixelBuffer* pb_, const ScreenSet& layout) +@@ -335,18 +337,10 @@ void VNCServerST::setPixelBuffer(PixelBu void VNCServerST::setPixelBuffer(PixelBuffer* pb_) { @@ -45,12 +45,12 @@ index 46c4be9b..99480133 100644 Rect fbRect; ScreenSet::iterator iter, iter_next; -diff --git a/unix/x0vncserver/x0vncserver.cxx b/unix/x0vncserver/x0vncserver.cxx -index 6fd6bc3b..ed5b1a10 100644 ---- a/unix/x0vncserver/x0vncserver.cxx -+++ b/unix/x0vncserver/x0vncserver.cxx -@@ -270,7 +270,8 @@ public: - TXWindow::setGlobalEventHandler(this); +Index: tigervnc-1.8.0/unix/x0vncserver/x0vncserver.cxx +=================================================================== +--- tigervnc-1.8.0.orig/unix/x0vncserver/x0vncserver.cxx ++++ tigervnc-1.8.0/unix/x0vncserver/x0vncserver.cxx +@@ -176,7 +176,8 @@ public: + #endif } virtual ~XDesktop() { - stop(); @@ -59,7 +59,7 @@ index 6fd6bc3b..ed5b1a10 100644 } inline void poll() { -@@ -327,6 +328,9 @@ public: +@@ -223,6 +224,9 @@ public: XDamageDestroy(dpy, damage); #endif @@ -69,6 +69,3 @@ index 6fd6bc3b..ed5b1a10 100644 delete pb; pb = 0; } --- -2.12.3 - From 0cc98ec43d0821b83a741702b6910092b7f2586b574a181d87f45885f073bb2f Mon Sep 17 00:00:00 2001 From: Michal Srb Date: Mon, 2 Oct 2017 11:37:55 +0000 Subject: [PATCH 4/5] Clean the spec file. OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=123 --- tigervnc.spec | 9 --------- 1 file changed, 9 deletions(-) diff --git a/tigervnc.spec b/tigervnc.spec index 311b239..e0020b9 100644 --- a/tigervnc.spec +++ b/tigervnc.spec 
@@ -172,11 +172,6 @@ BuildArch: noarch A service that starts noVNC linked to Xvnc server. %package -n xorg-x11-Xvnc-java -# Needed to serve java applet -# Requires: python -# Requires: python-pyOpenSSL - -# TODO: Requires? BuildArch: noarch %{?systemd_requires} @@ -338,7 +333,6 @@ fi %endif %pre -n xorg-x11-Xvnc -# %service_add_pre xvnc@.service %service_add_pre xvnc.socket getent group %{vncgroup} > /dev/null || groupadd -r %{vncgroup} || : @@ -346,15 +340,12 @@ getent passwd %{vncuser} > /dev/null || useradd -r -g %{vncgroup} -d /var/lib/em usermod -G shadow -a %{vncuser} || : %post -n xorg-x11-Xvnc -# %service_add_post xvnc@.service %service_add_post xvnc.socket %preun -n xorg-x11-Xvnc -# %service_del_preun xvnc@.service %service_del_preun xvnc.socket %postun -n xorg-x11-Xvnc -# %service_del_postun xvnc@.service %service_del_postun xvnc.socket %pre -n xorg-x11-Xvnc-novnc From c09be8f498fc7c403d5f3f6573ac21b4f6fe1c90d9e51fd88a12fde916bb4535 Mon Sep 17 00:00:00 2001 From: Michal Srb Date: Mon, 2 Oct 2017 11:56:44 +0000 Subject: [PATCH 5/5] Fix changelog format. OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=124 --- tigervnc.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tigervnc.changes b/tigervnc.changes index c0e6c65..bb0d8d2 100644 --- a/tigervnc.changes +++ b/tigervnc.changes @@ -5,7 +5,7 @@ Tue Sep 26 11:53:23 UTC 2017 - msrb@suse.com * Fixes crash in x0vncserver after client disconnects. (bnc#1058587) ------------------------------------------------------------------- +------------------------------------------------------------------- Mon Sep 25 08:36:07 UTC 2017 - msrb@suse.com - Add tigervnc-x11vnc wrapper for x0vncserver that replaces x11vnc.